Example 1 with ProjectEntity

use of org.platformlayer.auth.ProjectEntity in project platformlayer by platformlayer.

the class JoinProject method runCommand.

@Override
public Object runCommand() throws RepositoryException, IOException {
    UserDatabase userRepository = getContext().getUserRepository();
    // Logging in unlocks our own key; getSecretFromUser below cannot work without it.
    UserEntity me = getContext().loginDirect();
    ProjectEntity project = userRepository.findProjectByKey(projectKey.getKey());
    if (project == null) {
        throw new CliException("Project not found: " + projectKey.getKey());
    }
    // Membership is checked cryptographically, not by a lookup: the store built from
    // secretData only yields the project secret to a user whose unlocked key can open it.
    SecretStore secretStore = new SecretStore(project.secretData);
    CryptoKey projectSecret = secretStore.getSecretFromUser(me);
    if (projectSecret == null) {
        String msg = "Cannot retrieve project secret.";
        msg += " Is " + me.key + " a member of " + project.getName() + "?";
        throw new CliException(msg);
    }
    // Input validation comes after the secret has been recovered; a missing role still
    // costs the login and the unwrap above, so checking roleKey first would be cheaper.
    if (Strings.isNullOrEmpty(roleKey)) {
        throw new CliException("Role is required");
    }
    RoleId role = new RoleId(roleKey);
    // The recovered secret is what the repository needs to make the project available to
    // the new member; a non-member never reaches this call.
    userRepository.addUserToProject(username.getKey(), project.getName(), projectSecret, Collections.singletonList(role));
    return project;
}
Also used : CliException(com.fathomdb.cli.CliException) ProjectEntity(org.platformlayer.auth.ProjectEntity) UserDatabase(org.platformlayer.auth.UserDatabase) CryptoKey(com.fathomdb.crypto.CryptoKey) SecretStore(org.platformlayer.auth.crypto.SecretStore) RoleId(org.platformlayer.model.RoleId) UserEntity(org.platformlayer.auth.UserEntity)

Example 2 with ProjectEntity

use of org.platformlayer.auth.ProjectEntity in project platformlayer by platformlayer.

the class KeychainResource method authorizeCertificateChain.

@POST
public ValidateTokenResponse authorizeCertificateChain(@QueryParam("project") String project, CertificateChainInfo chain) {
    // Only a caller presenting the system token may ask for a chain to be authorized;
    // an exception from that check is reported as an internal error.
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    UserEntity userEntity = null;
    try {
        // A certificate chain carries no secret material, so the user's key stays locked.
        boolean unlock = false;
        userEntity = userAuthenticator.findUserFromKeychain(chain, unlock);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching user", e);
        throwInternalError();
    }
    if (userEntity == null) {
        throw404NotFound();
    }
    ValidateTokenResponse response = new ValidateTokenResponse();
    response.access = new ValidateAccess();
    response.access.user = Mapping.mapToUserValidation(userEntity);
    // No token is issued for a certificate chain, so the token fields stay unset.
    // response.access.token = new Token();
    // response.access.token.expires = checkTokenInfo.expiration;
    // response.access.token.id = checkToken;
    String checkProject = project;
    if (checkProject != null) {
        ProjectEntity projectEntity = null;
        try {
            projectEntity = userAuthenticator.findProject(checkProject);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (projectEntity == null) {
            throw404NotFound();
        }
        // Note that we do not unlock the user / project; we don't have any secret material
        // TODO: We could return stuff encrypted with the user's public key
        // projectEntity.unlockWithUser(userEntity);
        //
        // if (!projectEntity.isSecretValid()) {
        // throw404NotFound();
        // }
        // Without the secret, membership here rests on the UserProjectEntity record alone,
        // whereas validateToken additionally requires the project secret to unlock.
        UserProjectEntity userProject = null;
        try {
            userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (userProject == null) {
            // Not a member of project: same 404 as an unknown project, so the status
            // does not reveal which of the two applied.
            throw404NotFound();
        }
        response.access.project = Mapping.mapToProject(projectEntity);
        response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
    }
    return response;
}
Also used : ValidateTokenResponse(org.platformlayer.auth.model.ValidateTokenResponse) ValidateAccess(org.platformlayer.auth.model.ValidateAccess) UserProjectEntity(org.platformlayer.auth.UserProjectEntity) ProjectEntity(org.platformlayer.auth.ProjectEntity) AuthenticatorException(org.platformlayer.auth.AuthenticatorException) UserProjectEntity(org.platformlayer.auth.UserProjectEntity) UserEntity(org.platformlayer.auth.UserEntity) POST(javax.ws.rs.POST)

Example 3 with ProjectEntity

use of org.platformlayer.auth.ProjectEntity in project platformlayer by platformlayer.

the class CreateProject method runCommand.

@Override
public Object runCommand() throws RepositoryException {
    UserDatabase userRepository = getContext().getUserRepository();
    // We need to login to unlock the user key so we can encrypt the project key!
    UserEntity me = getContext().loginDirect();
    if (projectKey.contains("@@")) {
        throw new CliException("Project names with @@ are reserved for system uses");
    }
    ProjectEntity project = userRepository.createProject(projectKey, me);
    return project;
}
Also used : CliException(com.fathomdb.cli.CliException) ProjectEntity(org.platformlayer.auth.ProjectEntity) UserDatabase(org.platformlayer.auth.UserDatabase) UserEntity(org.platformlayer.auth.UserEntity)

Example 4 with ProjectEntity

use of org.platformlayer.auth.ProjectEntity in project platformlayer by platformlayer.

the class PkiResource method signCertificate.

@POST
@Path("csr")
public SignCertificateResponse signCertificate(SignCertificateRequest request) {
    // Only the system token is checked here. The per-user checks that validateToken
    // performs (token lookup, membership, owner role) survive below only as commented-out
    // code, so a caller with the system token and the project secret can get a CSR signed.
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    // TokenInfo checkTokenInfo = tokenService.decodeToken(checkToken);
    // if (checkTokenInfo == null || checkTokenInfo.hasExpired()) {
    // throw404NotFound();
    // }
    //
    // UserEntity user = null;
    // try {
    // user = userAuthenticator.getUserFromToken(checkTokenInfo.userId, checkTokenInfo.tokenSecret);
    // } catch (AuthenticatorException e) {
    // log.warn("Error while fetching user", e);
    // throwInternalError();
    // }
    //
    // if (user == null) {
    // throw404NotFound();
    // }
    String projectKey = request.project;
    ProjectEntity project = null;
    try {
        project = userAuthenticator.findProject(projectKey);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching project", e);
        throwInternalError();
    }
    if (project == null) {
        throw404NotFound();
    }
    // The project secret arrives in the request body and is set on the entity as-is. It is
    // not checked here (the isSecretValid() call is among the commented-out lines), so a
    // wrong or tampered secret only surfaces if pki.signCsr fails.
    project.setProjectSecret(FathomdbCrypto.deserializeKey(request.projectSecret));
    // Note that we do not unlock the user / project; we don't have any secret material
    // TODO: We could return stuff encrypted with the user's public key
    // projectEntity.unlockWithUser(userEntity);
    //
    // if (!projectEntity.isSecretValid()) {
    // throw404NotFound();
    // }
    // UserProjectEntity userProject = null;
    // try {
    // userProject = userAuthenticator.findUserProject(user, project);
    // } catch (AuthenticatorException e) {
    // log.warn("Error while fetching project", e);
    // throwInternalError();
    // }
    //
    // if (userProject == null) {
    // // Not a member of project
    // throw404NotFound();
    // }
    //
    // boolean isOwner = false;
    // for (RoleId role : userProject.getRoles()) {
    // if (role.equals(RoleId.OWNER)) {
    // isOwner = true;
    // }
    // }
    //
    // if (!isOwner) {
    // throwUnauthorized();
    // }
    // Signing uses the project whose secret was just set; a failure is a 500, not a 4xx.
    List<X509Certificate> certificates = null;
    try {
        certificates = pki.signCsr(project, request.csr);
    } catch (OpsException e) {
        log.warn("Error while signing CSR", e);
        throwInternalError();
    }
    SignCertificateResponse response = new SignCertificateResponse();
    response.certificates = Lists.newArrayList();
    for (X509Certificate cert : certificates) {
        response.certificates.add(CertificateUtils.toPem(cert));
    }
    return response;
}
Also used : OpsException(org.platformlayer.ops.OpsException) ProjectEntity(org.platformlayer.auth.ProjectEntity) AuthenticatorException(org.platformlayer.auth.AuthenticatorException) X509Certificate(java.security.cert.X509Certificate) SignCertificateResponse(org.platformlayer.auth.model.SignCertificateResponse) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 5 with ProjectEntity

use of org.platformlayer.auth.ProjectEntity in project platformlayer by platformlayer.

the class TokensResource method validateToken.

@GET
// @HEAD support is automatic from the @GET
@Path("{tokenId}")
public ValidateTokenResponse validateToken(@PathParam("tokenId") String checkToken, @QueryParam("project") String project) {
    // Only a caller holding the system token may validate other tokens.
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    // An undecodable token and an expired one get the same 404 as an unknown one.
    TokenInfo checkTokenInfo = tokenService.decodeToken(checkToken);
    if (checkTokenInfo == null || checkTokenInfo.hasExpired()) {
        throw404NotFound();
    }
    UserEntity userEntity = null;
    try {
        // The token carries tokenSecret, which is what unlocks the user's key here and
        // makes the project unlock below possible.
        userEntity = userAuthenticator.getUserFromToken(checkTokenInfo.userId, checkTokenInfo.tokenSecret);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching user", e);
        throwInternalError();
    }
    // Guard added in this listing: a token whose user no longer resolves would otherwise
    // reach Mapping.mapToUserValidation with null. authorizeCertificateChain, and the
    // commented-out copy of this flow in PkiResource.signCertificate, have the same check.
    if (userEntity == null) {
        throw404NotFound();
    }
    ValidateTokenResponse response = new ValidateTokenResponse();
    response.access = new ValidateAccess();
    response.access.user = Mapping.mapToUserValidation(userEntity);
    response.access.token = new Token();
    response.access.token.expires = checkTokenInfo.expiration;
    response.access.token.id = checkToken;
    String checkProject = project;
    if (checkProject != null) {
        ProjectEntity projectEntity = null;
        try {
            projectEntity = userAuthenticator.findProject(checkProject);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (projectEntity == null) {
            throw404NotFound();
        }
        // Membership is proven cryptographically first: the unlocked user key must open the
        // project secret. A user who cannot gets the same 404 as an unknown project.
        projectEntity.unlockWithUser(userEntity);
        if (!projectEntity.isSecretValid()) {
            throw404NotFound();
        }
        // ...and then by record, which is also where the roles come from.
        UserProjectEntity userProject = null;
        try {
            userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (userProject == null) {
            // Not a member of project
            throw404NotFound();
        }
        response.access.project = Mapping.mapToProject(projectEntity);
        response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
    }
    return response;
}
Also used : ValidateTokenResponse(org.platformlayer.auth.model.ValidateTokenResponse) ValidateAccess(org.platformlayer.auth.model.ValidateAccess) UserProjectEntity(org.platformlayer.auth.UserProjectEntity) ProjectEntity(org.platformlayer.auth.ProjectEntity) AuthenticatorException(org.platformlayer.auth.AuthenticatorException) Token(org.platformlayer.auth.model.Token) UserProjectEntity(org.platformlayer.auth.UserProjectEntity) TokenInfo(org.platformlayer.auth.services.TokenInfo) UserEntity(org.platformlayer.auth.UserEntity) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)
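The usages above share one design: a project's secret lives in ProjectEntity.secretData, a logged-in member's unlocked key recovers it (SecretStore.getSecretFromUser in JoinProject, unlockWithUser / isSecretValid in validateToken), and JoinProject can only add a member once the caller has recovered it. The Go program below is an added example that models that scheme so the property can be exercised end to end; it is not platformlayer code and does not call its API. RSA-OAEP under each member's public key, the 2048-bit key size, the NewSession helper and the user names are assumptions chosen for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Added example, not platformlayer code. A project has one random secret, every member
// keeps a copy wrapped under their own public key, and only a logged-in member (unlocked
// private key) can recover it. RSA-OAEP with 2048-bit keys is an assumption.

var ErrNotMember = errors.New("cannot retrieve project secret: not a member")

// Identity is what the user repository stores; Session is what loginDirect() returns.
type Identity struct {
	Key string
	Pub *rsa.PublicKey
}
type Session struct {
	Identity
	priv *rsa.PrivateKey
}

// Project keeps one wrapped copy of the secret per member (ProjectEntity.secretData).
type Project struct {
	Name    string
	wrapped map[string][]byte
}

// NewSession creates a user and logs them in (hypothetical helper).
func NewSession(key string) (*Session, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Session{Identity{key, &priv.PublicKey}, priv}, nil
}

// wrapFor encrypts the secret to one member; the project name is the OAEP label, so a
// blob copied from another project's secretData will not open here.
func wrapFor(name string, id Identity, secret []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, id.Pub, secret, []byte(name))
}

// CreateProject mirrors CreateProject.runCommand: a fresh secret, wrapped for the creator.
func CreateProject(name string, me *Session) (*Project, error) {
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	blob, err := wrapFor(name, me.Identity, secret)
	if err != nil {
		return nil, err
	}
	return &Project{name, map[string][]byte{me.Key: blob}}, nil
}

// GetSecretFromUser mirrors SecretStore.getSecretFromUser and the unlockWithUser /
// isSecretValid pair in validateToken: a locked session, no wrapped copy, a key that
// does not open it, or a tampered blob all yield ErrNotMember (OAEP fails closed).
func (p *Project) GetSecretFromUser(me *Session) ([]byte, error) {
	if me == nil || me.priv == nil {
		return nil, ErrNotMember
	}
	blob, ok := p.wrapped[me.Key]
	if !ok {
		return nil, ErrNotMember
	}
	secret, err := rsa.DecryptOAEP(sha256.New(), nil, me.priv, blob, []byte(p.Name))
	if err != nil || len(secret) != 32 {
		return nil, ErrNotMember
	}
	return secret, nil
}

// AddUserToProject mirrors JoinProject.runCommand: the actor must recover the secret
// first; it is then re-wrapped for the new member, whose private key is never needed.
// (JoinProject also records the new member's role; that bookkeeping is left out here.)
func (p *Project) AddUserToProject(actor *Session, newUser Identity) error {
	secret, err := p.GetSecretFromUser(actor)
	if err != nil {
		return fmt.Errorf("%w: is the caller a member of %s?", err, p.Name)
	}
	blob, err := wrapFor(p.Name, newUser, secret)
	if err != nil {
		return err
	}
	p.wrapped[newUser.Key] = blob
	return nil
}

func main() {
	alice, _ := NewSession("alice")
	bob, _ := NewSession("bob")
	p, _ := CreateProject("demo", alice)
	fmt.Println(p.AddUserToProject(bob, alice.Identity)) // fails: bob is not a member yet
	fmt.Println(p.AddUserToProject(alice, bob.Identity)) // <nil>
}
```

Run as is, the first call fails with a wrapped ErrNotMember and the second succeeds, after which bob recovers the same 32 bytes alice does. Because each member's copy is an OAEP ciphertext, "cannot unwrap" covers every case validateToken maps to a 404 (no entry for the user, a key that does not fit, a tampered secretData) with one error value, which is the same property the Java code relies on when it returns 404 for both unknown projects and non-members.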

Aggregations

ProjectEntity (org.platformlayer.auth.ProjectEntity) 6
UserEntity (org.platformlayer.auth.UserEntity) 4
AuthenticatorException (org.platformlayer.auth.AuthenticatorException) 3
CliException (com.fathomdb.cli.CliException) 2
POST (javax.ws.rs.POST) 2
Path (javax.ws.rs.Path) 2
UserDatabase (org.platformlayer.auth.UserDatabase) 2
UserProjectEntity (org.platformlayer.auth.UserProjectEntity) 2
Token (org.platformlayer.auth.model.Token) 2
ValidateAccess (org.platformlayer.auth.model.ValidateAccess) 2
ValidateTokenResponse (org.platformlayer.auth.model.ValidateTokenResponse) 2
CryptoKey (com.fathomdb.crypto.CryptoKey) 1
X509Certificate (java.security.cert.X509Certificate) 1
GET (javax.ws.rs.GET) 1
RepositoryException (org.platformlayer.RepositoryException) 1
SecretStore (org.platformlayer.auth.crypto.SecretStore) 1
Access (org.platformlayer.auth.model.Access) 1
SignCertificateResponse (org.platformlayer.auth.model.SignCertificateResponse) 1
TokenInfo (org.platformlayer.auth.services.TokenInfo) 1
RoleId (org.platformlayer.model.RoleId) 1